Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abfffe12-ebec-4645-bb49-fcce9eb504dc.roa
File:                     abfffe12-ebec-4645-bb49-fcce9eb504dc.roa (raw, json)
Hash identifier:          aEm2unu7qpd6Uz9NSDSGYGVLhEUBHAdVUvt0N6ThvDQ=
Subject key identifier:   D9:32:B3:82:D1:10:27:F5:78:45:8D:58:34:35:3C:80:9A:82:AE:A3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       218EDA12DBA00B7004984F05CB8BB2E2AFB06784
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abfffe12-ebec-4645-bb49-fcce9eb504dc.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.59.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:8e:da:12:db:a0:0b:70:04:98:4f:05:cb:8b:b2:e2:af:b0:67:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:25:fc:29:94:ce:53:1e:66:22:c1:b4:5f:1c:
                    d0:eb:2d:cb:e6:03:07:63:b0:7a:2b:76:7d:52:cc:
                    03:55:cb:0a:f9:27:fd:0e:0d:84:45:26:3a:84:11:
                    ee:19:6a:e9:6e:bb:3e:1e:02:f0:c0:87:18:35:81:
                    89:ce:0c:db:83:fb:8e:9b:4f:99:16:ab:48:b4:07:
                    5b:12:e7:fd:77:dd:5b:fb:b3:fe:87:51:f9:9d:bb:
                    22:2c:da:db:30:0f:ef:e1:21:f8:a9:60:37:f0:54:
                    b3:5d:fa:65:a7:3a:f9:12:65:51:ae:36:5d:d0:e7:
                    0a:66:05:73:91:c9:35:36:10:8f:f4:34:32:2b:5f:
                    8d:8f:0c:83:10:ac:b7:c8:52:a2:cd:fa:bf:da:ea:
                    73:b5:0e:79:fb:2b:01:f9:61:db:b6:10:0e:29:17:
                    8c:c9:50:82:ff:c0:72:a7:23:47:59:51:c0:00:50:
                    d9:ea:cc:05:8a:65:d0:86:14:7c:ca:8a:77:3b:4f:
                    73:3c:b8:20:63:83:a4:71:2f:65:fb:55:c8:18:d2:
                    99:7b:d9:9e:d2:af:4b:44:60:a3:90:ba:7f:0c:9c:
                    ed:03:43:a5:56:86:3e:3b:94:91:7a:03:29:c3:b7:
                    6a:6b:83:c4:9c:95:36:a4:6b:ac:3d:a6:24:08:8a:
                    50:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:32:B3:82:D1:10:27:F5:78:45:8D:58:34:35:3C:80:9A:82:AE:A3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/abfffe12-ebec-4645-bb49-fcce9eb504dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.59.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:2c:77:b7:e4:05:8b:75:d1:6f:61:de:cd:15:9d:ef:ce:a0:
         3c:36:8a:0d:a8:39:de:57:47:a2:c1:22:5d:e7:b8:72:81:32:
         cf:9e:0b:27:4c:fb:f2:b5:ea:13:c2:04:eb:5e:0d:cc:55:74:
         29:67:d8:1b:43:29:50:be:ba:b7:9e:3d:a3:ff:bc:7e:50:4e:
         e2:59:d5:23:2a:36:1a:3f:c5:8f:10:8c:32:92:4c:ea:cf:23:
         07:0d:1a:e6:c4:11:bf:c2:69:36:47:81:cf:84:b9:ce:da:44:
         36:68:fe:85:fd:5e:4b:84:54:98:2c:71:23:61:e4:b8:25:56:
         5e:71:1e:01:8a:90:2d:cd:59:6c:d4:99:da:fb:d6:85:04:d0:
         f2:6d:9d:be:7d:bd:5f:0c:05:33:64:f7:90:1d:18:02:c4:f3:
         56:e3:4b:78:82:bc:29:fe:26:0b:63:20:77:9d:6b:b6:a1:c1:
         a4:e8:e3:28:82:ea:56:0e:55:c5:3b:4b:b4:40:b8:da:2f:1f:
         76:9e:ce:6f:e1:d6:4f:bc:5c:87:36:50:a5:61:01:cd:6e:47:
         8a:36:85:4f:41:c5:eb:e4:18:bf:05:cd:84:84:6d:ca:86:53:
         9f:32:6a:6d:21:76:e3:c2:c5:67:f7:ed:d9:cb:05:68:15:c0:
         2c:21:62:bc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIY7aEtugC3AEmE8Fy4uy4q+wZ4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTRlNDA1NjdlZGFkNThmMjI1ZmQzNmU2ZTdmZjhmM2Q0
YmE5YzQ1NDJjMGRkYWY3MDBlMGNhMjA0YjYzN2E1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFJfwplM5THmYiwbRfHNDrLcvmAwdjsHordn1SzANVywr5
J/0ODYRFJjqEEe4Zauluuz4eAvDAhxg1gYnODNuD+46bT5kWq0i0B1sS5/133Vv7
s/6HUfmduyIs2tswD+/hIfipYDfwVLNd+mWnOvkSZVGuNl3Q5wpmBXORyTU2EI/0
NDIrX42PDIMQrLfIUqLN+r/a6nO1Dnn7KwH5Ydu2EA4pF4zJUIL/wHKnI0dZUcAA
UNnqzAWKZdCGFHzKinc7T3M8uCBjg6RxL2X7VcgY0pl72Z7Sr0tEYKOQun8MnO0D
Q6VWhj47lJF6AynDt2prg8SclTaka6w9piQIilB7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2TKzgtEQJ/V4RY1YNDU8gJqCrqMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FiZmZmZTEyLWViZWMtNDY0NS1iYjQ5LWZjY2U5ZWI1MDRkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASOzANBgkqhkiG9w0BAQsFAAOCAQEATSx3t+QFi3XRb2HezRWd786gPDaK
Dag53ldHosEiXee4coEyz54LJ0z78rXqE8IE614NzFV0KWfYG0MpUL66t549o/+8
flBO4lnVIyo2Gj/FjxCMMpJM6s8jBw0a5sQRv8JpNkeBz4S5ztpENmj+hf1eS4RU
mCxxI2HkuCVWXnEeAYqQLc1ZbNSZ2vvWhQTQ8m2dvn29XwwFM2T3kB0YAsTzVuNL
eIK8Kf4mC2Mgd51rtqHBpOjjKILqVg5VxTtLtEC42i8fdp7Ob+HWT7xchzZQpWEB
zW5HijaFT0HF6+QYvwXNhIRtyoZTnzJqbSF248LFZ/ft2csFaBXALCFivA==
-----END CERTIFICATE-----